Telecommunications signaling networks, like most computer networks, have certain attack vulnerabilities. For example, in a mobile communications network, if a spoofer (i.e., a spoofing or masquerading entity) gains access to subscriber information maintained by a home location register (HLR), the spoofer can use the information to eavesdrop on text messages and voice conversations involving the subscriber. Accordingly, it is desirable to protect subscriber information maintained by an HLR.
Protecting subscriber information maintained by an HLR can be difficult because subscriber information is transmitted over the network in response to location update procedures and there is no authentication or verification of the initiator of such procedures. For example, when a subscriber's user equipment (UE) attaches to a network, the attachment point (e.g., the mobile switching center/visitor location register (MSC/VLR)) in SS7 networks sends messaging to the HLR to update the location of the UE with the HLR. The HLR responds with subscription information concerning the subscriber. It is the subscription information that could possibly be used by a spoofer to eavesdrop or otherwise affect communications to and from the UE.
If a spoofer masquerades as a valid network element serving the UE but is instead acting as an interception point for subscription information, the spoofer can use the location update procedure to obtain the subscription information. For example, the spoofer can send a fake location update (LU) message to the HLR in the home network of the subscriber. The HLR may respond to the spoofer with subscription information for the subscriber as if the spoofer is the valid MSC/VLR where the UE is currently registered. The subscription information is transmitted to the spoofer in a location update response message. Once the spoofer has the subscription information, the spoofer can eavesdrop on communications involving the subscriber and/or conduct other fraudulent activities.
Accordingly, there exists a need for methods, systems, and computer readable media for validating a VLR using an SS7 signal transfer point.
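The following is an added example, not part of the original text. It models the location update exchange described above, in which the HLR answers without verifying the initiator, alongside a screening step at the signal transfer point. The screening rule (an allow-list of provisioned VLR address prefixes), all function names, and all sample values are assumptions made for illustration.

```python
# Added illustration: models the location update (LU) exchange described above
# and one hypothetical STP-side screening rule. All values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class LocationUpdate:
    imsi: str          # subscriber identity carried in the LU
    vlr_address: str   # address the sender claims as the serving MSC/VLR

# Constructed HLR records: IMSI -> subscription information.
HLR_RECORDS = {"001010000000001": {"msisdn": "15550100", "services": ["voice", "sms"]}}

# Assumption: the operator provisions the VLR address prefixes of its
# roaming partners at the STP. The page does not define this policy.
TRUSTED_VLR_PREFIXES = ("1555", "4477")

def hlr_handle_lu(lu):
    """HLR behaviour as described: answers any LU, no check of the initiator."""
    record = HLR_RECORDS.get(lu.imsi)
    if record is None:
        return {"result": "unknown_subscriber"}
    return {"result": "ok", "registered_vlr": lu.vlr_address, "subscription": record}

def stp_validate_vlr(lu):
    """Hypothetical screening rule: accept only provisioned VLR prefixes."""
    addr = lu.vlr_address
    return addr.isdigit() and addr.startswith(TRUSTED_VLR_PREFIXES)

def stp_route_lu(lu, audit_log):
    """Forward the LU to the HLR only if the claimed VLR validates."""
    if not stp_validate_vlr(lu):
        audit_log.append(("rejected", lu.imsi, lu.vlr_address))
        return {"result": "rejected_by_stp"}
    audit_log.append(("forwarded", lu.imsi, lu.vlr_address))
    return hlr_handle_lu(lu)

def demo():
    """Run one unprovisioned and one provisioned VLR through both paths."""
    log = []
    valid = LocationUpdate("001010000000001", "15550199")
    unknown = LocationUpdate("001010000000001", "99900001")
    return hlr_handle_lu(unknown), stp_route_lu(unknown, log), stp_route_lu(valid, log), log

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The first result shows the unscreened HLR releasing subscription information to an unprovisioned address; the second shows the same message stopped at the STP and recorded in the audit log.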